From owner-freebsd-security@FreeBSD.ORG Sun Jul 17 10:14:18 2011
From: Robert Watson
Date: Sun, 17 Jul 2011 11:14:18 +0100 (BST)
To: Stacey Son
Cc: freebsd-security@freebsd.org, Lev Serebryakov
Subject: Re: OpenBSM: does somebody work on it?

On Wed, 29 Jun 2011, Stacey Son wrote:

>> I'm trying to use audit, and have some problems. First one is impossibility
>> to create custom event class, and second one I hit is with auditreduce(1)
>>
>> auditreduce doesn't filter events by date (-b/-a/-d options with any
>> arguments produce empty output), it doesn't merge files properly and
>> doesn't pick up files automagically, as Solaris' one does. It doesn't have
>> -C/-M/-O functionality of Solaris' one, too. So, proper merging of audit
>> trail files seems to be impossible :(
>>
>> I could try to fix & extend auditreduce(1), but does somebody but me need
>> it?
>>
>> Does somebody use audit on FreeBSD on production systems?
>
> FYI, a better place to discuss this would be the trustedbsd-audit mailing
> list. There are quite a few people that use OpenBSM in production on
> FreeBSD and Mac OS X that hang out on that list usually.

Hi Lev:

Just catching up on back e-mail, and bumped into this thread. Did you file
PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list is
where most discussion of OpenBSM takes place. It's generally pretty quiet,
but there are quite a few people using audit in production, and I'm sure
they'd appreciate bug reports (and even fixes!).

Robert

From owner-freebsd-security@FreeBSD.ORG Sun Jul 17 11:09:43 2011
From: Patrick Proniewski
Date: Sun, 17 Jul 2011 13:09:37 +0200
To: Robert Watson
Cc: Liste FreeBSD-security
Subject: Re: OpenBSM: does somebody work on it?

On 17 juil. 2011, at 12:14, Robert Watson wrote:

> Just catching up on back e-mail, and bumped into this thread. Did you file
> PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list
> is where most discussion of OpenBSM takes place. It's generally pretty
> quiet, but there are quite a few people using audit in production, and I'm
> sure they'd appreciate bug reports (and even fixes!).

The TrustedBSD project web site looks like it has not been updated since
2009, and mailing list archives stop at January 2007. That's nice to read
they are still alive. But where are the archives then?

patpro

From owner-freebsd-security@FreeBSD.ORG Sun Jul 17 12:23:49 2011
From: "Robert N. M. Watson"
Date: Sun, 17 Jul 2011 13:23:40 +0100
To: Patrick Proniewski
Cc: Liste FreeBSD-security, postmaster@FreeBSD.org
Subject: Re: OpenBSM: does somebody work on it?

On 17 Jul 2011, at 12:09, Patrick Proniewski wrote:

> On 17 juil. 2011, at 12:14, Robert Watson wrote:
>
>> Just catching up on back e-mail, and bumped into this thread. Did you
>> file PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing
>> list is where most discussion of OpenBSM takes place. It's generally
>> pretty quiet, but there are quite a few people using audit in production,
>> and I'm sure they'd appreciate bug reports (and even fixes!).
>
> The TrustedBSD project web site looks like it has not been updated since
> 2009, and mailing list archives stop at January 2007. That's nice to read
> they are still alive. But where are the archives then?

The web site could definitely use an update.

The mailing list archives have been broken for several years, despite pings
of postmaster. I've CC'd the postmaster in this e-mail as well to see if we
can get this fixed?

(I have local copies of all the mail as well, if we need a new mbox to
import?)

Robert